Date post: | 15-Jan-2015 |
Category: |
Technology |
Upload: | maurice-dawson |
Cyber Security in
Prepared by Dr. Maurice Dawson, CSSLP, CGEIT, C|CISO
Agenda
Presenter Background
Your Motivation for this Session
Hyperconnectivity
Guidance
Products
Tools
Cyber Security Training
Personnel Hiring
Closer to Home
Speaker
Dr. Maurice (Mo) Dawson Jr.
Assistant Professor, Information Systems
Office: 228 Express Scripts Hall
Voice: TBA
Email: [email protected]
Work Experience
Assistant Professor of Information Systems, University of Missouri - St. Louis, 08/14 - Present
Fulbright Grantee, South Ural State University, Russia, 09/14 - 09/14
ABET CS Accreditation Consultant, Colorado State University - Global Campus, 04/14 - 07/14
Assistant Professor of Management Information Systems, Alabama A&M University, 08/11 - 05/14
Visiting Professor, The University of the Gambia, 03/14 - Present
Visiting Assistant Professor (Honorary) of Industrial and Systems Engineering, The University of Tennessee, Knoxville & Space Institute, 02/14 - Present
Research Associate, Morgan State University, 08/10 - 08/11
Engineering Manager, Textron Systems - AAI Unmanned Air Systems (UAS) Division, 01/10 - 08/11
Information Assurance Director, Future Research Corporation, 07/08 - 12/09
Senior Program Manager, Rockwell Collins - Government Systems Division, Scout, Attack & Special Mission Solutions, 06/06 - 07/08
Senior Systems Engineer, Rockwell Collins - Government Systems Division, Rotary Wing & Cryptographic Embedded Systems, 08/04 - 06/08
Information Assurance Engineer, British Aerospace Engineering (BAE) Systems - Missile Defense Agency (MDA) Support, 05/04 - 08/04
Cryptographic Technician, United States Navy Reserves, 10/05 - 09/08
Senior Systems Analyst, Iowa National Guard, 01/00 - 10/05
Current Research
Dawson, M. (2015) Software Assurance Maturity Model: The Need for Secure Design Process Management. Managing Software Process Evolution, How to handle process change?. proposal accepted, in process
Dawson, M., & Leonard, B. (2015) Software and Supply Chain: Ensuring the Delivery of Secure Systems. Encyclopedia of Global Supply Chain Management. proposal accepted, in process
Dawson, M., Wright, J., & Truesdale, J. (2015) Cyber Security: Designing Solutions for Mobile Security & Health Information Technology. Encyclopedia of E-Health and Telemedicine. proposal accepted, in process
Dawson, M., Wright, J., & Omar, M. (2015) Mobile Devices: The Case for Security Hardened Systems. Handbook of Research on New Threats and Countermeasures in Digital Crime and Cyber Terrorism. accepted for publication and forthcoming.
Leonard, B. & Dawson, M. (2015) Legal Issues: Security and Privacy with Mobile Devices. Handbook of Research on New Threats and Countermeasures in Digital Crime and Cyber Terrorism. accepted for publication and forthcoming.
Dawson, M., Leonard, B., & Rahim, E. (2014) Advances in Technology Project Management: Review of Open Source Software Integration. Technology, Innovation, and Enterprise Transformation. accepted for publication and forthcoming.
Dawson, M., Marwan, O., & Abramson, J. (2014) Understanding the Methods Behind Cyber Terrorism. Encyclopedia of Information Science & Technology 3rd Edition. accepted for publication and forthcoming
Dawson, M., Al Saeed, I., Wright, J., & Onyegbula, F. (2014) Open Source Software to Enhance the STEM Learning Environment. Encyclopedia of Education and Technology. accepted for publication and forthcoming
Dawson, M., Omar, M., Abramson, J., & Bessette, D. (2014). The Future of National and International Security on the Internet. Information Security in Diverse Computing Environments. accepted for publication and forthcoming
Dawson, M. E., & Al Saeed, I. (2012). Use of Open Source Software and Virtualization in Academia to Enhance Higher Education Everywhere. Cutting-edge Technologies in Higher Education, 6, 283-313.
YOUR MOTIVATION FOR THIS SESSION
Motivation
HYPERCONNECTIVITY
Introduction
Hyperconnectivity is a growing trend that is driving cyber security experts to develop new security architectures for multiple platforms such as mobile devices, laptops, and even wearable displays. The future of national and international security relies on complex countermeasures to ensure that a proper security posture is maintained during this state of hyperconnectivity. To protect these systems from exploitation of vulnerabilities, it is essential to understand current and future threats, including the laws that drive their need to be secured. Examined within this presentation are the potential security-related threats with the use of social media, mobile devices, virtual worlds, augmented reality, and mixed reality. Further reviewed are some examples of the complex attacks that could interrupt human-robot interaction, children-computer interaction, mobile computing, social networks, and more through human-centered issues in security design.
System of Systems Concept
Information Assurance Defined
Information Assurance (IA) is defined as the practice of protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This definition also encompasses disaster recovery, physical security, cryptography, application security, and business continuity of operations.
Cyber Terrorism
Cyber terrorism is on the rise and affects millions every day. These malicious attacks can affect anyone from a single person to entire government entities. These attacks can be done with a few lines of code or with large, complex programs that have the ability to target specific hardware. As the United States government has stated, an act of cyber terrorism is an act of war; it is imperative that we explore this new method of terrorism and how it can be mitigated to an acceptable risk.
Recent Events
Cyber security has become a matter of national, international, economic, and societal importance that affects multiple nations (Walker, 2012).
In Estonia and Georgia there were direct attacks on government cyber infrastructure (Beidleman, 2009). The attacks in Estonia rendered the government's infrastructure useless.
The government and other associated entities heavily relied upon this e-government infrastructure. These attacks helped lead to the development of cyber defense organizations that drive laws and policies within Europe.
Laws and Policies to Combat Terrorism
The USA PATRIOT Act was signed into law by President George W. Bush in 2001 after September 11, 2001 (Bullock, Haddow, Coppola, & Yeletaysi, 2009). This act was created in response to the events of 9/11 and provided government agencies increased abilities. These increased abilities gave the government rights to search various communications such as email, telephone records, medical records, and more of those who were suspected of terrorist acts (Bullock, Haddow, Coppola, & Yeletaysi, 2009).
Stuxnet Worm
During the fall of 2010 many headlines declared that Stuxnet was the game-changer in terms of cyber warfare (Denning, 2012). This malicious worm was complex and designed to target only a specific system. It had the ability to detect location, system type, and more, and it only attacked a system that met specific parameters designed into the code. Stuxnet tampered directly with software in a programmable logic controller (PLC) that controlled the centrifuges at Natanz. This tampering ultimately caused a disruption in the Iranian nuclear program.
SCADA Systems
The Department of Homeland Security (DHS) is concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. SCADA systems are the systems that autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids. DHS is worried about these systems because they are frequently unmanned and remotely accessed. Because they are remotely accessed, anyone could potentially take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure.
Measuring Success & Loss
Virus in Bash Script
Example Copy Script in Bash
Vulnerabilities & Threats
Malware to Hack into Smartphones
Legitimate Applications that Can Be Used to Retrieve Information
Presently, there is valid spy software available for various smartphones. An example of this is FlexiSpy, a legitimate commercial spyware program that cost over $300 (United States Computer Emergency Readiness Team, 2010). FlexiSpy can:
Listen to actual phone calls as they happen;
Secretly read Short Message Service (SMS) texts, call logs, and emails;
Listen to the phone surroundings (use as remote bugging device);
View phone GPS location;
Forward all email events to another inbox;
Remotely control all phone functions via SMS;
Accept or reject communication based on predetermined lists; and
Evade detection during operation (United States Computer Emergency Readiness Team, 2010).
Internet Stalking
The increase of the social networking trend can be based on the security features for every user. Internet stalking can be noted by a threat from an outside source that harms or inflicts harm to a piece of information or person. These threats can be international or national depending on where the organization or user is geographically located. With internet stalking being noted more often in today's society, it is also presumed that people are becoming more vulnerable to attacks from internet insecurity. Insecure internet can be looked at based on what the user is currently using in terms of connectivity, but can always be looked at as a threat to any customer.
When international threats are aimed at consumers, they can be perceived as a threat directed at the nation because they come from outside the country. These circumstances can be legal or illegal based on the source of the threat. Many users see these types of threats as acts of terror because many users do not know much about the types of threats that are visible.
Certification & Accreditation
GUIDANCE
NIST Special Pubs
NIST Publications
PRODUCTS
CESG Ubuntu Report
Linux Distro Timeline
Security Technical Implementation Guides (STIGs) and the NSA Guides
TOOLS
Special Features Available in Kali
Over the months of development, we occasionally add cool new features to Kali and document them on our blogs. The following list attempts to gather some of
Automating Kali Linux deployment via Unattended PXE installations.
Kali Linux ISO of doom, the perfect hardware backdoor.
Customizing and bending Kali Linux to your will using Kali Linux live build recipes.
Mastering Kali Linux tool sets with Kali Metapackages.
Kali Linux in the cloud, Kali Amazon EC2 images available.
Kali Linux LUKS Full Disk Encryption (FDE).
Nuking your Kali Linux hard disk with the Kali LUKS nuke option.
Kali Linux running on Android through Linux Deploy.
Kali Linux accessibility features, adding support for blind and visually impaired users.
Kali Linux on a Raspberry Pi and a bunch of other interesting ARM devices.
Kali Linux Live USB persistence with LUKS encryption.
Click http://www.kali.org/official-documentation/ for further information
Big Data Wonders: 8 'Free' Data Visualisation & Analysis Tools
1. OpenRefine http://openrefine.org/
2. R Project for Statistical Computing http://www.r-project.org/
3. Google Fusion Tables https://support.google.com/fusiontables/answer/2571232
4. Exhibit http://simile-widgets.org/exhibit/
5. JavaScript InfoVis Toolkit http://philogb.github.io/jit/
6. Protovis http://mbostock.github.io/protovis/
7. OpenLayers http://openlayers.org/
8. Gephi https://gephi.github.io/
VMware
CYBER SECURITY TRAINING
Cyber Security Education, Training and Awareness
Click http://iase.disa.mil/eta/index.html for online training
Order Cyber Security Products
Click http://iase.disa.mil/eta/downloads/pdf/products_order_form.pdf to go to order form
IA Courseware Institutions
PERSONNEL - HIRING
(ISC)² Global Information Security Workforce Study
CLOSER TO HOME
Analytics
Anonymous Hacked Multiple Sites
Actually Stole From U.S. Companies
Solar power technology
Nuclear power plant technology
Inside information on U.S. business strategy
Data enabling the Chinese to outwit U.S. regulators
US Navy Sailor Hacked Government Computers, Released Secret Records
Secret US Embassy Cables
Any Questions
Twitter Google Scholar Research Gate Academia.edu - Selected Works